upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-04 22:32:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys/netgraph/bluetooth/socket
History
Mark Johnston 28fcfebdaf ng_hci: Add sockaddr validation to sendto() 
ng_btsocket_hci_raw_send() wasn't verifying that the destination address
specified by sendto() is large enough to fill a struct sockaddr_hci.
Thus, when copying the socket address into an mbuf,
ng_btsocket_hci_raw_send() may read past the end of the input sockaddr
while copying.

In practice this is effectively harmless since
ng_btsocket_hci_raw_output() only uses the address to identify a
netgraph node.

Reported by:	Oliver Sieber <oliver@secfault-security.com>
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation

(cherry picked from commit 7f7b4926a7)
2024-04-29 10:11:07 -04:00
..
ng_btsocket.c sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
ng_btsocket_hci_raw.c ng_hci: Add sockaddr validation to sendto() 2024-04-29 10:11:07 -04:00
ng_btsocket_l2cap.c sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
ng_btsocket_l2cap_raw.c sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
ng_btsocket_rfcomm.c sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
ng_btsocket_sco.c sys: Remove $FreeBSD$: one-line .h pattern 2023-08-16 11:54:18 -06:00
TODO sys: Remove $FreeBSD$: one-line bare tag 2023-08-16 11:55:17 -06:00